Monitorr
by Monitorr
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28871 | Cri | 0.74 | 9.8 | 0.86 | Feb 10, 2021 | Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | ||
| CVE-2020-28872 | Cri | 0.64 | 9.8 | 0.03 | Apr 12, 2021 | An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | ||
| CVE-2013-7070 | Cri | 0.57 | 9.8 | 0.04 | Dec 31, 2019 | The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | ||
| CVE-2023-26775 | Hig | 0.55 | 7.8 | 0.49 | Apr 4, 2023 | File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. | ||
| CVE-2023-26776 | Med | 0.40 | 6.1 | 0.01 | Apr 4, 2023 | Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file. | ||
| CVE-2018-7649 | Med | 0.40 | 6.1 | 0.01 | Aug 2, 2018 | Monitorix before 3.10.1 allows XSS via CGI variables. | ||
| CVE-2013-7071 | Med | 0.33 | 6.1 | 0.01 | Dec 31, 2019 | Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||
| CVE-2025-7060 | Med | 0.27 | 4.1 | 0.00 | Jul 4, 2025 | A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation.… | ||
| CVE-2021-3325 | Cri | 0.00 | 9.8 | 0.02 | Jan 27, 2021 | Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations… |
- risk 0.74cvss 9.8epss 0.86
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
- risk 0.64cvss 9.8epss 0.03
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.
- risk 0.57cvss 9.8epss 0.04
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.
- risk 0.55cvss 7.8epss 0.49
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.
- risk 0.40cvss 6.1epss 0.01
Monitorix before 3.10.1 allows XSS via CGI variables.
- risk 0.33cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
- risk 0.27cvss 4.1epss 0.00
A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation.…
- risk 0.00cvss 9.8epss 0.02
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations…